By bladeofudun
I am using Sygate Personal Firewall and I have been getting a large number of alerts about ntoskrnl. I have just updated to XP Service Pack 3. Should I be concerned?

I think you are OK

by Jacky Howe In reply to NTOSKRNL - Sygate FW

After SP3 Virus test result AVG

Partition table (MBR) C: = Changed
Boot sector of disk C: = Changed
C:\windows\system32\kernel32.dll C: = Changed
C:\windows\system32\wsock32.dll C: = Changed
C:\windows\system32\user32.dll C: = Changed
C:\windows\system32\shell32.dll C: = Changed
C:\windows\system32\ntoskrnl.exe C: = Changed

by bladeofudun In reply to I think you are OK

So should I unblock it to make sure it does whatever it needs to do?

by Jacky Howe In reply to Unblock?

From what I have been seeing on other forums, the quick fix is to remove Sygate and reinstall, as it is a known problem with Sygate. Some of your settings may have been upset when you installed SP3. It shouldn't need access to the internet, so keep blocking it.
In Options there is an option to Hide Notification Messages.

This is a description of NTOSKRNL.EXE

by OH Smeg Moderator In reply to NTOSKRNL - Sygate FW

Windows errors related to ntoskrnl.exe?
ntoskrnl.exe is a critical process in the boot-up cycle of your computer, although it should never appear in Win Tasks under normal circumstances.

Note: ntoskrnl.exe can be altered by the w32.bolzano and variants. If this process appears in Win Tasks, please update your virus definitions immediately.

So unless you have a listing in Win Tasks or Running Processes there isn't a problem, but a scan with an updated AV Product will not hurt.


by bladeofudun In reply to This is a description of ...

Do you realize how many times I've come across that description... word for word or close enough as to make no never mind?

Well it should tell you something

by OH Smeg Moderator In reply to Right...

This process is only used by Windows to start up, not to run Windows. It is also an Attack Vector to exploit Windows.

Personally if I was seeing this reported I would be scanning my computer as I would expect it to be compromised if it was occurring while running. If it is only occurring on the startup it's not an issue but if it is constantly occurring while running there is a potential problem there that needs looking at.

The reason that the description above is so widespread is because it's simple and accurate. As I don't have access to the machine in question, all I can do in relation to the question asked of "Is This a Problem" is reply with a description of what the process does and that it is a Native Windows Process that can be compromised. If the system tests as clean I still wouldn't be unblocking ports to allow it to do its thing, but if other Windows Processes need that port unblocked I may seriously consider unblocking that port. It depends on what is happening and what is making the calls. But as to "should I be worried", I really don't know; you have to make that decision, and I'm trying to give you accurate Information to help you make whatever decision you eventually come to.


by bladeofudun In reply to Well it should tell you s ...

Thanks for the advice, I'm thinking I will either reinstall Sygate or switch that computer over to Comodo as well.
